twisted.conch.ssh.transport.SSHClientTransport

class documentation

class SSHClientTransport(SSHTransportBase): (source)

Known subclasses: twisted.conch.client.direct.SSHClientTransport, twisted.conch.scripts.tkconch.SSHClientTransport, twisted.conch.endpoints._CommandTransport

View In Hierarchy

SSHClientTransport implements the client side of the SSH protocol.

Method	`connectionMade`	Called when the connection is started with the server. Just sets up a private instance variable.
Method	`connectionSecure`	Called when the encryption has been set up. Generally, requestService() is called to run another service over the transport.
Method	`requestService`	Request that a service be run over this transport.
Method	`ssh_KEX_DH_GEX_GROUP`	This handles different messages which share an integer value.
Method	`ssh_KEX_DH_GEX_REPLY`	Called when we receive a MSG_KEX_DH_GEX_REPLY message. Payload:: string server host key integer f (server DH public key)
Method	`ssh_KEXINIT`	Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method sends the first key exchange packet.
Method	`ssh_NEWKEYS`	Called when we receive a MSG_NEWKEYS message. No payload. If we've finished setting up our own keys, start using them. Otherwise, remember that we've received this message.
Method	`ssh_SERVICE_ACCEPT`	Called when we receive a MSG_SERVICE_ACCEPT message. Payload:: string service name
Method	`verifyHostKey`	Returns a Deferred that gets a callback if it is a valid key, or an errback if not.
Instance Variable	`e`	our Diffie-Hellman public key.
Instance Variable	`ecPriv`	Undocumented
Instance Variable	`ecPub`	Undocumented
Instance Variable	`g`	the Diffie-Hellman group generator.
Instance Variable	`instance`	the SSHService object we are requesting.
Instance Variable	`isClient`	since we are always the client, this is always True.
Instance Variable	`p`	the Diffie-Hellman group prime
Instance Variable	`x`	our Diffie-Hellman private key.
Method	`_continueGEX_REPLY`	The host key has been verified, so we generate the keys.
Method	`_continueKEXDH_REPLY`	The host key has been verified, so we generate the keys.
Method	`_keySetup`	See SSHTransportBase._keySetup().
Method	`_ssh_KEX_ECDH_REPLY`	Called to handle a reply to a ECDH exchange message(KEX_ECDH_INIT).
Method	`_ssh_KEXDH_REPLY`	Called to handle a reply to a non-group key exchange message (KEXDH_INIT).
Instance Variable	`_dhMaximalGroupSize`	Maximal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.
Instance Variable	`_dhMinimalGroupSize`	Minimal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.
Instance Variable	`_dhPreferredGroupSize`	Preferred group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.
Instance Variable	`_gotNewKeys`	if we receive a MSG_NEWKEYS message before we are ready to transition to the new keys, this is set to True so we can transition when the keys are ready locally.

Inherited from SSHTransportBase:

Method	`connectionLost`	When the underlying connection is closed, stop the running service (if any), and log out the avatar (if any).
Method	`dataReceived`	First, check for the version string (SSH-2.0-*). After that has been received, this method adds data to the buffer, and pulls out any packets.
Method	`dispatchMessage`	Send a received message to the appropriate method.
Method	`getHost`	Returns an `SSHTransportAddress` corresponding to the this side of transport.
Method	`getPacket`	Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None.
Method	`getPeer`	Returns an `SSHTransportAddress` corresponding to the other (peer) side of this transport.
Method	`isEncrypted`	Check if the connection is encrypted in the given direction.
Method	`isVerified`	Check if the connection is verified/authentication in the given direction.
Method	`kexAlg.setter`	Set the key exchange algorithm name.
Method	`loseConnection`	Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message.
Method	`receiveDebug`	Called when we receive a debug message from the other side.
Method	`receiveError`	Called when we receive a disconnect error message from the other side.
Method	`receiveUnimplemented`	Called when we receive an unimplemented packet message from the other side.
Method	`sendDebug`	Send a debug message to the other side.
Method	`sendDisconnect`	Send a disconnect message to the other side and then disconnect.
Method	`sendIgnore`	Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream.
Method	`sendKexInit`	Send a KEXINIT message to initiate key exchange or to respond to a key exchange initiated by the peer.
Method	`sendPacket`	Sends a packet. If it's been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later.
Method	`sendUnimplemented`	Send a message to the other side that the last packet was not understood.
Method	`setService`	Set our service to service and start it running. If we were running a service previously, stop it first.
Method	`ssh_DEBUG`	No summary
Method	`ssh_DISCONNECT`	Called when we receive a MSG_DISCONNECT message. Payload:: long code string description
Method	`ssh_IGNORE`	Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return.
Method	`ssh_UNIMPLEMENTED`	Called when we receive a MSG_UNIMPLEMENTED message. Payload:: long packet
Instance Variable	`buf`	Data we've received but hasn't been parsed into a packet.
Instance Variable	`comment`	An optional string giving more information about the server or client.
Instance Variable	`currentEncryptions`	an SSHCiphers instance. It represents the current encryption and authentication options for the transport.
Instance Variable	`dhSecretKey`	Undocumented
Instance Variable	`dhSecretKeyPublicMP`	Undocumented
Instance Variable	`first`	the first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available.
Instance Variable	`gotVersion`	A boolean indicating whether we have received the version string from the other side.
Instance Variable	`incomingCompression`	an object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data.
Instance Variable	`incomingCompressionType`	A string representing the incoming compression type.
Instance Variable	`incomingPacketSequence`	the sequence number of the next packet we are expecting from the other side.
Instance Variable	`kexAlg`	The key exchange algorithm name agreed between client and server.
Instance Variable	`keyAlg`	the agreed-upon public key type for the key exchange.
Instance Variable	`nextEncryptions`	an SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions.
Instance Variable	`otherKexInitPayload`	the MSG_KEXINIT payload we received. Used in the key exchange
Instance Variable	`otherVersionString`	the version string sent by the other side. Used in the key exchange.
Instance Variable	`ourKexInitPayload`	the MSG_KEXINIT payload we sent. Used in the key exchange.
Instance Variable	`ourVersionString`	the version string that we sent to the other side. Used in the key exchange.
Instance Variable	`outgoingCompression`	an object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data.
Instance Variable	`outgoingCompressionType`	A string representing the outgoing compression type.
Instance Variable	`outgoingPacketSequence`	the sequence number of the next packet we will send.
Instance Variable	`protocolVersion`	A string representing the version of the SSH protocol we support. Currently defaults to '2.0'.
Instance Variable	`service`	an SSHService instance, or None. If it's set to an object, it's the currently running service.
Instance Variable	`sessionID`	a string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys.
Instance Variable	`supportedCiphers`	A list of strings representing the encryption algorithms supported, in order from most-preferred to least.
Instance Variable	`supportedCompressions`	A list of strings representing compression types supported, from most-preferred to least.
Instance Variable	`supportedKeyExchanges`	A list of strings representing the key exchanges supported, in order from most-preferred to least.
Instance Variable	`supportedLanguages`	A list of strings representing languages supported, from most-preferred to least.
Instance Variable	`supportedMACs`	A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually,
Instance Variable	`supportedPublicKeys`	A list of strings representing the public key types supported, in order from most-preferred to least.
Instance Variable	`supportedVersions`	A container of strings representing supported ssh protocol version numbers.
Instance Variable	`version`	A string representing the version of the server or client. Currently defaults to 'Twisted'.
Method	`_allowedKeyExchangeMessageType`	Determine if the given message type may be sent while key exchange is in progress.
Method	`_encodeECPublicKey`	Encode an elliptic curve public key to bytes.
Method	`_finishEphemeralDH`	Completes the Diffie-Hellman key agreement started by _startEphemeralDH, and forgets the ephemeral secret key.
Method	`_generateECPrivateKey`	Generate an private key for ECDH key exchange.
Method	`_generateECSharedSecret`	Generate a shared secret for ECDH key exchange.
Method	`_getKey`	Get one of the keys for authentication/encryption.
Method	`_newKeys`	No summary
Method	`_startEphemeralDH`	Prepares for a Diffie-Hellman key agreement exchange.
Method	`_unsupportedVersionReceived`	Called when an unsupported version of the ssh protocol is received from the remote endpoint.
Constant	`_KEY_EXCHANGE_NONE`	Undocumented
Constant	`_KEY_EXCHANGE_PROGRESSING`	Undocumented
Constant	`_KEY_EXCHANGE_REQUESTED`	Undocumented
Class Variable	`_log`	Undocumented
Instance Variable	`_blockedByKeyExchange`	Whenever `_keyExchangeState` is not `_KEY_EXCHANGE_NONE`, this is a `list` of pending messages which were passed to `sendPacket` but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages.
Instance Variable	`_kexAlg`	Undocumented
Instance Variable	`_keyExchangeState`	The current protocol state with respect to key exchange. This is either `_KEY_EXCHANGE_NONE` if no key exchange is in progress (and returns to this value after any key exchange completqes), `_KEY_EXCHANGE_REQUESTED` if this side of the connection initiated a key exchange, and `_KEY_EXCHANGE_PROGRESSING` if the other side of the connection initiated a key exchange. `_KEY_EXCHANGE_NONE` is the initial value (however SSH connections begin with key exchange, so it will quickly change to another state).

Inherited from Protocol (via SSHTransportBase):

Method	`logPrefix`	Return a prefix matching the class name, to identify log messages related to this protocol instance.
Class Variable	`factory`	Undocumented

Inherited from BaseProtocol (via SSHTransportBase, Protocol):

Method	`makeConnection`	Make a connection to a transport and a server.
Instance Variable	`connected`	Undocumented
Instance Variable	`transport`	Undocumented

def connectionMade(self): (source)

from twisted.internet.interfaces.IProtocol

overrides twisted.conch.ssh.transport.SSHTransportBase.connectionMade

Called when the connection is started with the server. Just sets up a private instance variable.

def connectionSecure(self): (source)

overridden in twisted.conch.client.direct.SSHClientTransport, twisted.conch.scripts.tkconch.SSHClientTransport, twisted.conch.endpoints._CommandTransport

Called when the encryption has been set up. Generally, requestService() is called to run another service over the transport.

def requestService(self, instance): (source)

Request that a service be run over this transport.

Parameters
instance:subclass of `twisted.conch.ssh.service.SSHService`	The service to run.

def ssh_KEX_DH_GEX_GROUP(self, packet): (source)

This handles different messages which share an integer value.

If the key exchange does not have a fixed prime/generator group, we generate a Diffie-Hellman public key and send it in a MSG_KEX_DH_GEX_INIT message.

Payload:

    string g (group generator)
    string p (group prime)

Parameters
packet:`bytes`	The message data.

def ssh_KEX_DH_GEX_REPLY(self, packet): (source)

Called when we receive a MSG_KEX_DH_GEX_REPLY message. Payload:

    string server host key
    integer f (server DH public key)

We verify the host key by calling verifyHostKey, then continue in _continueGEX_REPLY.

Parameters
packet:`bytes`	The message data.
Returns
A deferred firing once key exchange is complete.

def ssh_KEXINIT(self, packet): (source)

overrides twisted.conch.ssh.transport.SSHTransportBase.ssh_KEXINIT

Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method sends the first key exchange packet.

If the agreed-upon exchange is ECDH, generate a key pair for the corresponding curve and send the public key.

If the agreed-upon exchange has a fixed prime/generator group, generate a public key and send it in a MSG_KEXDH_INIT message. Otherwise, ask for a 2048 bit group with a MSG_KEX_DH_GEX_REQUEST message.

def ssh_NEWKEYS(self, packet): (source)

Called when we receive a MSG_NEWKEYS message. No payload. If we've finished setting up our own keys, start using them. Otherwise, remember that we've received this message.

Parameters
packet:`bytes`	The message data.

def ssh_SERVICE_ACCEPT(self, packet): (source)

Called when we receive a MSG_SERVICE_ACCEPT message. Payload:

    string service name

Start the service we requested.

Parameters
packet:`bytes`	The message data.

def verifyHostKey(self, hostKey, fingerprint): (source)

overridden in twisted.conch.client.direct.SSHClientTransport, twisted.conch.scripts.tkconch.SSHClientTransport, twisted.conch.endpoints._CommandTransport

Returns a Deferred that gets a callback if it is a valid key, or an errback if not.

Parameters
hostKey:`bytes`	The host key to verify.
fingerprint:`bytes`	The fingerprint of the key.
Returns
A deferred firing with `True` if the key is valid.

e = (source)

our Diffie-Hellman public key.

ecPriv = (source)

Undocumented

ecPub = (source)

Undocumented

g = (source)

the Diffie-Hellman group generator.

instance = (source)

the SSHService object we are requesting.

isClient: bool = (source)

overrides twisted.conch.ssh.transport.SSHTransportBase.isClient

since we are always the client, this is always True.

p = (source)

the Diffie-Hellman group prime

x = (source)

our Diffie-Hellman private key.

def _continueGEX_REPLY(self, ignored, pubKey, f, signature): (source)

The host key has been verified, so we generate the keys.

Parameters
ignored	Ignored.
pubKey:`str`	the public key blob for the server's public key.
f:`int`	the server's Diffie-Hellman public key.
signature:`str`	the server's signature, verifying that it has the correct private key.

def _continueKEXDH_REPLY(self, ignored, pubKey, f, signature): (source)

The host key has been verified, so we generate the keys.

Parameters
ignored	Ignored.
pubKey:`str`	the public key blob for the server's public key.
f:`int`	the server's Diffie-Hellman public key.
signature:`str`	the server's signature, verifying that it has the correct private key.

def _keySetup(self, sharedSecret, exchangeHash): (source)

overrides twisted.conch.ssh.transport.SSHTransportBase._keySetup

See SSHTransportBase._keySetup().

def _ssh_KEX_ECDH_REPLY(self, packet): (source)

Called to handle a reply to a ECDH exchange message(KEX_ECDH_INIT).

Like the handler for KEXDH_INIT, this message type has an overlapping value. This method is called from ssh_KEX_DH_GEX_GROUP if that method detects a non-group key exchange is in progress.

Payload:

    string serverHostKey
    string server Elliptic Curve Diffie-Hellman public key
    string signature

We verify the host key and continue if it passes verificiation. Otherwise raise an exception and return.

Parameters
packet:`bytes`	The message data.
Returns
A deferred firing when key exchange is complete.

def _ssh_KEXDH_REPLY(self, packet): (source)

Called to handle a reply to a non-group key exchange message (KEXDH_INIT).

Like the handler for KEXDH_INIT, this message type has an overlapping value. This method is called from ssh_KEX_DH_GEX_GROUP if that method detects a non-group key exchange is in progress.

Payload:

    string serverHostKey
    integer f (server Diffie-Hellman public key)
    string signature

We verify the host key by calling verifyHostKey, then continue in _continueKEXDH_REPLY.

Parameters
packet:`bytes`	The message data.
Returns
A deferred firing when key exchange is complete.

_dhMaximalGroupSize: int = (source)

Maximal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.

_dhMinimalGroupSize: int = (source)

Minimal acceptable group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.

_dhPreferredGroupSize: int = (source)

Preferred group size advertised by the client in MSG_KEX_DH_GEX_REQUEST.

_gotNewKeys: int = (source)

if we receive a MSG_NEWKEYS message before we are ready to transition to the new keys, this is set to True so we can transition when the keys are ready locally.